In a significant development, law enforcement agencies have allegedly seized the newly created ALPHV/BlackCat leak site, dealing a major blow to the ransomware group. The action comes shortly after revelations that the group received a whopping $22 million from Change Healthcare.
Cybersecurity analyst and researcher Dominic Alvieri published an image of the leak site, showing the involvement of numerous law enforcement agencies in a joint operation to seize it. Thus, the two leak sites exploited by the Ransomware group have now been confiscated.
These developments notably follow BlackCat’s recent message on its Tox platform, offering to sell its source code for $5 million. Additionally, accusations were also made by an affiliate of the pirate collective, alleging a “scam” against the other members of the group.
Scam and Server Downtime Allegations
The turmoil began when the BlackCat ransomware gang shut down its servers amid allegations of scamming the subsidiary responsible for the attack on Optum, the operator of the Change Healthcare platform.
New reports suggest that the subsidiary involved in the operation was banned and that the $22 million ransom was allegedly paid by Changing healthcare was stolen by ALPHV/BlackCat.
The situation quickly changed when messages surfaced on the Tox messaging platform used by ransomware operators, declaring: “Everything is off, it’s up to us.” The statement sparked speculation about the group’s motives, raising questions about whether they were planning an exit scam or mulling a proposed rebranding.
The reported scam sparked strong backlash from someone claiming to be a longtime ALPHV/BlackCat affiliate. They accused the group of treason, alleging they had absconded with the ransom funds.
The Affiliate, operating under the username “notchy”, claimed to have stolen critical data from Change Healthcare, including insights that could impact thousands of customers across diverse industries.
To support their claims, “Notchy” shared details of cryptocurrency transactions totaling over $23 million, allegedly transferred from Optum as ransom payments.
History of BlackCat’s rebranding and law enforcement pressure
Developments around ALPHV/BlackCat are reminiscent of past incidents involving the group, which has undergone multiple name changes in response to pressure from law enforcement. Originally known as DarkSidethe gang gained notoriety thanks to its cyber attack on the Colonial pipeline in 2021, leading to widespread panic and fuel shortages across the United States.
Despite setbacks, including server failures and infrastructure shutdowns, the group has resurfaced several times under new pseudonyms, including Black matter and ALPHV. Each rebranding has been accompanied by renewed efforts to extort victims and exploit vulnerabilities in cybersecurity defenses.
The last entry of ALPHV/BlackCat leak site represents a significant victory for law enforcement agencies grappling with growing threat of ransomware attacks. However, this incident serves as a reminder of the ongoing challenges posed by cybercriminals and the need for enhanced cybersecurity measures to protect against future threats.
As the investigation into ALPHV/BlackCat’s activities continues, authorities will likely intensify efforts to dismantle the operation and hold those responsible accountable for their actions. In the meantime, organizations and individuals are urged to remain vigilant and take proactive steps to protect their data and infrastructure from ransomware attacks.
The fate of ALPHV/BlackCat remains uncertain, but one thing is clear: the battle against ransomware is far from over, and concerted efforts are needed to combat this pervasive cybersecurity threat.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only and users take full responsibility for their reliance on it. THE Cyber Express assumes no responsibility for the accuracy or consequences of the use of this information.